[PATCH V2 12/16] mmc: omap_hsmmc: fix oops in omap_hsmmc_dma_cb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In the case of an I/O error, the DMA will have been
cleaned up in the MMC interrupt and the request
structure pointer will be null.

In that case, it is essential to check if the DMA
DMA is over before dereferencing host->mrq->data.

Oops as follows:

<3>[ 2293.695281] wl1271: ERROR sdio read failed (-110)
<1>[ 2293.695739] Unable to handle kernel NULL pointer dereference at virtual
address 00000004
<1>[ 2293.703094] pgd = b0004000
<1>[ 2293.705780] [00000004] *pgd=00000000
<0>[ 2293.709381] Internal error: Oops: 17 [#1] PREEMPT
<0>[ 2293.714080] last sysfs file:
/sys/devices/platform/omapdss/manager0/cpr_enable
<4>[ 2293.721313] Modules linked in: ext2 dm_crypt xt_NFLOG xt_rateest
xt_RATEEST xt_condition iptable_filter ip_tables dm_mod xt_IDLETIMER
nfnetlink_log nfnetlink as3645a ad58xx smiapp smiapp_power omap3_isp iovmm
omap3_iommu iommu2 iommu wl12xx_spi bnep omaplfb bridgedriver g_file_storage
cmt_speech ssi_protocol phonet hsi_char wl12xx_sdio wl12xx pvrsrvkm omap_ssi
mailbox_mach vibra_spi radio_wl1273 mailbox bcm4751_gps lis3lv02d_i2c ak8975
lis3lv02d leds_lp5521 apds990x pn544 rtc_twl4030 twl4030_keypad
twl4030_pwrbutton cmt twl5031_aci hci_h4p
<4>[ 2293.769287] CPU: 0    Not tainted  (2.6.32.36-dfl61-20111603 #1)
<4>[ 2293.775329] PC is at omap_hsmmc_dma_cb+0x18/0x140
<4>[ 2293.780029] LR is at omap2_dma_irq_handler+0x244/0x28c
<4>[ 2293.785156] pc : [<b024e180>]    lr : [<b0049ed0>]    psr: a00001d3
<4>[ 2293.785186] sp : edfb3c48  ip : edfb3bf8  fp : edfb3d3c
<4>[ 2293.796661] r10: fa05632c  r9 : fa056000  r8 : ee4889c0
<4>[ 2293.801910] r7 : 00000020  r6 : 00000001  r5 : edfb2000  r4 : ee53e1c0
<4>[ 2293.808441] r3 : 00000000  r2 : edfb3c48  r1 : 00000020  r0 : 00000007
<4>[ 2293.814971] Flags: NzCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM
Segment kernel
<4>[ 2293.822479] Control: 10c5387d  Table: bc9f4019  DAC: 00000017
<0>[ 2293.828247] Process phy0 (pid: 313, stack limit = 0xedfb22e8)
<0>[ 2293.833984] Stack: (0xedfb3c48 to 0xedfb4000)
...
<4>[ 2294.084320] [<b024e180>] (omap_hsmmc_dma_cb+0x18/0x140) from [<b0049ed0>]
(omap2_dma_irq_handler+0x244/0x28c)
<4>[ 2294.094268] [<b0049ed0>] (omap2_dma_irq_handler+0x244/0x28c) from
[<b0093d44>] (handle_IRQ_event+0x34/0xf0)
<4>[ 2294.104034] [<b0093d44>] (handle_IRQ_event+0x34/0xf0) from [<b0095bec>]
(handle_level_irq+0xcc/0x170)
<4>[ 2294.113250] [<b0095bec>] (handle_level_irq+0xcc/0x170) from [<b002c068>]
(asm_do_IRQ+0x68/0x84)
<4>[ 2294.121978] [<b002c068>] (asm_do_IRQ+0x68/0x84) from [<b002ca84>]
(__irq_svc+0x44/0xa8)
<4>[ 2294.129974] Exception stack(0xedfb3cc0 to 0xedfb3d08)
<4>[ 2294.135040] 3cc0: 0021d5cd 00000000 3d20cc2d 00000002 edf7dd40 edfb2000
edf7dee8 edf7ddd8
<4>[ 2294.143249] 3ce0: 00000001 00000000 ee516080 edfb3d3c b04880b8 edfb3d08
b0059e5c b0344184
<4>[ 2294.151428] 3d00: 00000053 ffffffff
<4>[ 2294.154968] [<b002ca84>] (__irq_svc+0x44/0xa8) from [<b0344184>]
(schedule+0x248/0x3a8)
<4>[ 2294.162963] [<b0344184>] (schedule+0x248/0x3a8) from [<b03448ac>]
(schedule_timeout+0x1c/0x224)
<4>[ 2294.171691] [<b03448ac>] (schedule_timeout+0x1c/0x224) from [<b0344738>]
(wait_for_common+0xe8/0x1a8)
<4>[ 2294.180938] [<b0344738>] (wait_for_common+0xe8/0x1a8) from [<b02459f8>]
(mmc_wait_for_req+0x110/0x120)
<4>[ 2294.190277] [<b02459f8>] (mmc_wait_for_req+0x110/0x120) from [<b0249bac>]
(mmc_io_rw_extended+0x178/0x1e0)
<4>[ 2294.199951] [<b0249bac>] (mmc_io_rw_extended+0x178/0x1e0) from
[<b024ab54>] (sdio_io_rw_ext_helper+0x164/0x190)
<4>[ 2294.210052] [<b024ab54>] (sdio_io_rw_ext_helper+0x164/0x190) from
[<b024aba0>] (sdio_writesb+0x20/0x24)
<4>[ 2294.219512] [<b024aba0>] (sdio_writesb+0x20/0x24) from [<af0d50e0>]
(wl1271_sdio_raw_write+0x64/0xa4 [wl12xx_sdio])
<4>[ 2294.230041] [<af0d50e0>] (wl1271_sdio_raw_write+0x64/0xa4 [wl12xx_sdio])
from [<af0bd4bc>] (wl1271_tx_work_locked+0x548/0x5fc [wl12xx])
<4>[ 2294.242218] [<af0bd4bc>] (wl1271_tx_work_locked+0x548/0x5fc [wl12xx])
from [<af0ba944>] (wl1271_irq_work+0x230/0x314 [wl12xx])
<4>[ 2294.253631] [<af0ba944>] (wl1271_irq_work+0x230/0x314 [wl12xx]) from
[<b00725ac>] (worker_thread+0x174/0x224)
<4>[ 2294.263519] [<b00725ac>] (worker_thread+0x174/0x224) from [<b0075bac>]
(kthread+0x7c/0x84)
<4>[ 2294.271820] [<b0075bac>] (kthread+0x7c/0x84) from [<b002d950>]
(kernel_thread_exit+0x0/0x8)
<0>[ 2294.280181] Code: e5923008 e1a0200d e3c25d7f e3c5503f (e5936004)
<4>[ 2294.286529] ---[ end trace e8fb05c679bd87ff ]---

Signed-off-by: Adrian Hunter <adrian.hunter@xxxxxxxxx>
---
 drivers/mmc/host/omap_hsmmc.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c
index 8aa9440..ee57b9b 100644
--- a/drivers/mmc/host/omap_hsmmc.c
+++ b/drivers/mmc/host/omap_hsmmc.c
@@ -1364,7 +1364,7 @@ static void omap_hsmmc_config_dma_params(struct omap_hsmmc_host *host,
 static void omap_hsmmc_dma_cb(int lch, u16 ch_status, void *cb_data)
 {
 	struct omap_hsmmc_host *host = cb_data;
-	struct mmc_data *data = host->mrq->data;
+	struct mmc_data *data;
 	int dma_ch, req_in_progress;
 
 	if (!(ch_status & OMAP_DMA_BLOCK_IRQ)) {
@@ -1379,6 +1379,7 @@ static void omap_hsmmc_dma_cb(int lch, u16 ch_status, void *cb_data)
 		return;
 	}
 
+	data = host->mrq->data;
 	host->dma_sg_idx++;
 	if (host->dma_sg_idx < host->dma_len) {
 		/* Fire up the next transfer. */
-- 
1.7.0.4

--
To unsubscribe from this list: send the line "unsubscribe linux-omap" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Arm (vger)]     [ARM Kernel]     [ARM MSM]     [Linux Tegra]     [Linux WPAN Networking]     [Linux Wireless Networking]     [Maemo Users]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux